Lucene search
+L

2100 matches found

Cvelist
Cvelist
added 2026/06/25 4:44 p.m.24 views

CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

6.5CVSS0.00286EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.9 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53116 s390/ap: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

5.8AI score0.00145EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...

7.8CVSS5.8AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 5:47 p.m.61 views

CVE-2020-9713

CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References1Affected Software3
Snyk
Snyk
added 2026/06/19 2:38 p.m.5 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through improper handling of reserved keys in the JSON protocol when serializing CedarMap. An attacker can cause unauthorized access or manipulation of data by supplying...

8.8CVSS5.8AI score0.0048EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:38 p.m.15 views

CedarJava has type confusion vulnerability

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary. Impact Record-to-Entity type confusion across the...

8.8CVSS6AI score0.0048EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50975

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...

8.8CVSS6.1AI score0.0048EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 12:3 p.m.44 views

CVE-2024-35648

No technical details are provided in the connected documents for CVE-2024-35648 beyond the description of a CSRF vulnerability in the Emergency Password Reset plugin (WordPress)

4.3CVSS5.2AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:2 p.m.25 views

CVE-2024-33909

CVE-2024-33909 affects WordPress iPages Flipbook (vulnerable up to 1.5.1) and is a Missing Authorization/ broken access control issue. The connected records indicate an improper authorization check allowing access to protected resources due to incorrectly configured access control levels. Impact ...

5.3CVSS5.2AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:57 a.m.42 views

CVE-2024-32949

Technical details for CVE-2024-32949 are not provided in the supplied documents. No product/version/root-cause/impact/fix specifics are available here. Monitor for official updates from CVE records or vendor advisories.

8.3CVSS5.2AI score0.00293EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:42 a.m.41 views

CVE-2024-24709

CVE-2024-24709 targets the WordPress Shareaholic plugin, affecting versions up to 9.7.11. The root cause is a missing Authorization check on accept_terms_of_service, enabling a user with subscriber-level privileges (or higher) to exploit broken access control. The vulnerability is classified as M...

4.3CVSS8.4AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 10:25 a.m.43 views

CVE-2024-34810

CVE-2024-34810 is a CSRF vulnerability affecting Skyline WP

4.3CVSS5.1AI score0.00117EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 a.m.14 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:15 a.m.26 views

CVE-2026-12222

CVE-2026-12222 affects Yealink SIP-T46U (firmware 108.86.0.118) via the Web FastCGI Service: function mod_webd.BlueToothTest in /api/inner/bttest, where manipulating btMac/pin/reserved can trigger a stack-based overflow. Exploitation reportedly public and feasible within a local network; vendor d...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5
MariaDBUnix
MariaDBUnix
added 2026/06/11 5:13 p.m.32 views

CVE-2026-49261

Disclaimer: This data contains information about vulnerable...

10CVSS5.6AI score0.00998EPSS
Exploits0
CVE
CVE
added 2026/06/11 10:43 a.m.77 views

CVE-2022-47150

CVE-2022-47150 concerns CSRF in WordPress plugins referencing WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 9:47 a.m.38 views

CVE-2022-42479

CVE-2022-42479 concerns a Broken Access Control in WordPress Soledad premium theme versions

5.4CVSS5.5AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:3 a.m.10710 views

CVE-2023-33999

Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.

7.1CVSS7.8AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:9 p.m.58 views

CVE-2022-48575

The CVE-2022-48575 issue affects macOS Monterey due to a consistency/state-handling defect that may allow a person with physical access to bypass the Login Window. The Apple security content notes this as fixed in macOS Monterey 12.4. Affected component: Login Window handling; root cause: improve...

3.5CVSS5.4AI score0.00153EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder